Devops Foundation - Linux Systems and Network Administration


Published 
School of Devops with GitBook 




Table of Contents 


Introduction
Linux Systems Administration
    User and Group Management
        Configurations
        Commands
        Lab 101 : Managing Users and Groups
    Process Management
        Commands
        Lab 102 : Process Management
    Job Scheduling
        Lab 103 : Scheduling Jobs
    Localization - Date, Time, Locale
    Essential Systems Services
        NTP
Web Stack Administration
    MySQL Administration
        Lab 201 : Install MySQL Server and Client
        Lab 201-1 : Reset MySQL Root Password
        Lab 202 : Generate MySQL Configs using Percona Wizard
    Apache Administration
        Lab 203 : Install and Configure and attach ssl certificate to apache
        Lab 204 : Create self signed certificate
    PHP Web Application
        Lab 205 : Install php5
        Lab 206 : Install and setup Wordpress with Apache with MySQL Backend
        Lab 206-1 : Database Backup and Restore
    Nginx Administration
        Lab 208 : Install and configure nginx as a reverse proxy
        Lab 209 : Create and attach ssl certificate to nginx
    Tomcat Administration
        Lab 207 : Install and configure tomcat
Shell/ Bash Scripting
Networking
    Network Utilities and Troubleshooting
        Lab 401 : ping
        Lab 402 : telnet
        Lab 403 : nmap
        Lab 404 : netstat
        Lab 405 : traceroute
        Lab 406 : tcptraceroute
        Lab 407 : whois
        Lab 408 : tcping
        Lab 408 : nslookup
        Lab 408 : dig
References




Ops Essentials - Systems and Network Administration


This book is meant to serve as a crash course for anyone with an Operations Engineer /
Systems Administrator / Systems Operations background, and as an essential reference
before taking up courses specific to Devops Engineers.


A Devops Engineer is typically someone with a systems operations background and specific
skills with new tools. He/She is responsible for enabling organizations with Devops tools
and practices, and for helping other team members such as Developers and QA Professionals
set up automated workflows. They are also responsible for building, deploying, automating and
maintaining the infrastructure which runs the applications that the dev team is
building, as well as for setting up and maintaining the internal tools for CI/CD, Monitoring,
Performance Measurement, Automated Provisioning, Configuration Management etc.
He/She is also responsible for optimizing applications and systems infrastructure. And when
there are issues, he/she is typically the one who does the initial troubleshooting, triaging and
escalations.


To be a well rounded Devops Engineer, one has to have knowledge of a wide breadth of
tools. Devops Engineers are typically Jack of All Trades, Master of a few. Most
essentially, they should have a good understanding of the underlying operating system. Even
though the role of a Devops Engineer is not limited to one OS, in all likelihood it is some flavor
of GNU/Linux. Moreover, today's systems are interconnected with complex networking
systems. Hence, an understanding of Linux as well as of computer networks serves as the two
essential skills for Devops Engineers. This book has been written keeping this
in mind and should serve as an essential reference for the practical skills of systems and network
administrators.
Linux Systems Administration


User and Group Management


User Commands 


The following commands are used to create, modify, delete, manipulate the properties of a 
user. 


USERADD


This command adds (creates) user accounts in Linux. It can be combined with
various options.


* useradd Devops - Adds a user named Devops. To unlock this account you need to set a
password for this user

* passwd Devops - Sets the password for the newly created user


Each line in /etc/passwd contains 7 columns which give us information about the
user. It can be interpreted in the following way -


1. Username - Login name used to access the system - Devops

2. Password - The letter x signals that shadow passwords are used and that the hashed
password is stored in the /etc/shadow file

3. UserID - Devops has been assigned a UID of 501, which reflects the rule that the
default UID values from 0 to 499 are typically reserved for system accounts

4. GroupID - The primary Group ID (GID), the Group Identification Number stored in the
/etc/group file

5. UserInfo - Optional field for extra information about the user, like the Role or Full Name
of the user

6. Home Directory - Location of the user's home directory

7. Shell - Location of the user's shell


The USERADD command can be combined with other options to customize user creation as per
the requirement. Some of the options are -


* useradd -c "Devops User" Devops - Creates a user with "Devops User" as a comment in the
UserInfo field described above

* useradd -d /project/Devops Devops - Creates a user "Devops". The home directory for the
user "Devops" is set to /project/Devops

* useradd -u 619 Devops - Creates a user "Devops". The UserID for the user "Devops" is set
to 619

* useradd -g 719 Devops - Creates a user "Devops". The GroupID for the user "Devops" is set
to 719

* useradd -g g0 -G g1,g2 Devops - Adds the user "Devops" to the primary group g0 and to
multiple supplementary groups (g1 and g2). You can check which groups the user is a part of by
using the command "id Devops"

* useradd -e 2016-10-01 Devops - Creates a user "Devops" with an account expiry date of
October 1st, 2016. The date should be given in YYYY-MM-DD format. By default it is 0,
i.e. the account never expires

* useradd -s /sbin/nologin Devops - Adds the user without a login shell, i.e. with
/sbin/nologin as the shell

* useradd -M Devops - Creates a user "Devops" with no home directory. Using
useradd -m instead makes sure that the "Devops" user is created with a home directory
if it does not exist


USERMOD


This command is similar to useradd, except that it acts on already existing users: it
modifies the properties of existing users. You can use this command with almost the
same options as you use with useradd.


* usermod -c "Am Devops User" -u 619 -e 2016-10-01 Devops - Modifies the UserInfo, UserID
and expiry date of the user "Devops"; the options work as in the useradd examples above

* usermod -l Devops_ad Devops - Changes the user login name from Devops to
Devops_ad

* usermod -L Devops - Locks the user "Devops" account. After the lock, password login is
disabled and you will see a ! added before the encrypted password in the /etc/shadow file,
which means the password is disabled and the user account is locked. The ! only blocks
password authentication; the usermod man page advises also setting the expiry date to 1
with the -e option if the account itself must be locked


USERDEL


This command removes user accounts and the files associated with the user from the
Server/Workstation


* userdel -r Devops - Combining userdel with the -r option removes the files in the user's
home directory along with the home directory itself and the user's mail spool

* userdel -f Devops - This option forces the removal of the user account, even if the user
is still logged in. This option is dangerous and may leave your system in an inconsistent
state


ID


This command is used to get the system identifiers of a specific user, such as the UID and the
groups the user belongs to.


* id -u Devops - Displays the UserID for the user "Devops"

* id -g Devops - Displays the GroupID for the user "Devops"


Group Commands 


The following commands are used to create, modify, delete, manipulate the properties of a 
group. 


GROUPADD


Groups are a useful tool for permitting co-operation between different users. This command
is used to add a new group to the system.


* groupadd friends - Adds a group named "friends" with default settings. You can gather
more information about the group from the file /etc/group

* groupadd -g 719 friends - Creates a group named "friends" and sets its GroupID to 719.
When used with -g and the GID already exists, groupadd refuses to create another group
with the existing GID

* groupadd -r friends - Creates a system group, used for system purposes,
which practically means that the GID is allocated from 1 to 499 if not specified


NOTE :- If you want to add an existing user to the named group, you can also use the
gpasswd command instead of usermod and useradd. gpasswd is used to unlock the
group and set a password on the group


* gpasswd friends - Unlocks the group "friends" and sets the required password.

* gpasswd -a Devops friends - Adds the user "Devops" to group "friends". Replacing "-a"
with "-d" removes the user "Devops" from group "friends"

* gpasswd --members Devops,Devops_ad friends - Sets the member list of the group "friends"
to (Devops,Devops_ad). This command can be used to add multiple users to a group at a
time; members not named in the list are removed from the group.

* gpasswd -A Devops,Devops_ad friends - Makes Devops,Devops_ad group
administrators. A group administrator can add and delete users as well as set, change,
or remove the group password. A group can have more than one group administrator.

* gpasswd -r friends - Removes password authentication on the group "friends"


GROUPMOD


When a group already exists and you need to change any of its options, use the
groupmod command. The logic of groupmod, as well as its syntax, is identical to groupadd.


* groupmod -n classmate <group> - Renames the existing group <group> to "classmate". Check the
result with cat /etc/group


GROUPDEL


This command is used to delete a group. There are some conditions you should take care
of before deleting a group. You may not remove the primary group of any existing user; you
must remove the user before you remove that user's primary group.


* groupdel friends - Deletes the group named "friends". The command fails with an error if
friends is the primary group of any user


Lab 101 : Managing Users and Groups 


Learn About User Commands


man useradd
useradd --help
man id
id --help
man passwd
man usermod
man userdel


Create a System User


Create the following users,


* dipti
* pooja
* ramesh
* suresh


Check the Default User Configurations

$ useradd -D


While creating users, mention the option to create home directories.

$ useradd -m dipti
$ useradd -m ramesh
$ useradd -m suresh
$ useradd -m pooja


Validate whether the users have been created


** Option 1 : Observe /etc/passwd


$ tail /etc/passwd


Expected Output:


dipti:x:501:501::/home/dipti:/bin/bash
ramesh:x:502:502::/home/ramesh:/bin/bash
suresh:x:503:503::/home/suresh:/bin/bash
pooja:x:504:504::/home/pooja:/bin/bash


** Option 2 : using id command

$ id dipti
$ id ramesh
$ id suresh
$ id pooja


Set Password

Check whether a password exists,

$ cat /etc/shadow

dipti:!!:16847:0:99999:7:::

Create a password for each user, and validate,

$ passwd dipti
[Type and retype passwords]
New password: *
Retype new password: *
passwd: all authentication tokens updated successfully.


Validate

Log out as the root user, and try logging in as the user you created the password for.

$ su - dipti [verify you are able to login]

Also verify the contents of /etc/shadow, which should now have an encrypted (hashed) string instead of !!


dipti:$6$t99EyAX/$3VCh309qjBEA7aevcRtV57BOHVNSM3WkhIXkK9fe2JQMUQrsj8pxz5pD 
bmrnJloDlJimes3kd.yXxNUNqKpoGpa0:16847:0:99999:7::: 
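
The /etc/passwd fields and the /etc/shadow markers used in this lab (!! for no password yet, a leading ! for a locked account) can be checked for every account at once. The script below is an added example, not part of the original book; the function names, flag names and the sample files (including the pooja and admin2 entries) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report account state from passwd- and shadow-format files.

# Classify field 2 (the password field) of a shadow entry.
shadow_state() {
    case "$1" in
        '')           echo EMPTY ;;        # no password needed to log in
        '!!'|'!'|'*') echo NO_PASSWORD ;;  # never set, or password login disabled
        '!'*)         echo LOCKED ;;       # hash kept, "!" prefix as added by usermod -L
        *)            echo SET ;;          # a password hash is present
    esac
}

# audit_accounts PASSWD_FILE SHADOW_FILE - print one report line per account.
audit_accounts() {
    passwd_file=$1
    shadow_file=$2
    # The 7 colon-separated passwd fields, in the order listed in this chapter.
    while IFS=: read -r name pw uid gid info home shell; do
        [ -n "$name" ] || continue
        # awk exits 0 even without a match, so a missing entry is reported, not fatal.
        found=$(awk -F: -v u="$name" '$1 == u { print "F:" $2; exit }' "$shadow_file")
        if [ -z "$found" ]; then
            state=NO_SHADOW_ENTRY
        else
            state=$(shadow_state "${found#F:}")
        fi
        case "$shell" in
            */nologin|*/false) login=no ;;
            *)                 login=yes ;;
        esac
        flags=
        if [ "$pw" != x ]; then flags="$flags,NOT_SHADOWED"; fi
        if [ "$uid" -eq 0 ] && [ "$name" != root ]; then flags="$flags,UID0_NOT_ROOT"; fi
        if [ "$state" = EMPTY ] && [ "$login" = yes ]; then
            flags="$flags,EMPTY_PASSWORD_LOGIN"
        fi
        flags=${flags#,}
        printf '%s uid=%s login=%s state=%s flags=%s\n' \
            "$name" "$uid" "$login" "$state" "${flags:-none}"
    done < "$passwd_file"
}

# Constructed sample data (not taken from a real system).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
dipti:x:501:501::/home/dipti:/bin/bash
ramesh:x:502:502::/home/ramesh:/bin/bash
suresh:x:503:503::/home/suresh:/bin/bash
pooja:x:504:504::/home/pooja:/bin/bash
admin2:x:0:505::/home/admin2:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$constructedhashvalue:16847:0:99999:7:::
ntp:!!:16847::::::
dipti:$6$CONSTRUCTEDSALT$constructedhashvalue:16847:0:99999:7:::
ramesh:!!:16847:0:99999:7:::
suresh:!$6$CONSTRUCTEDSALT$constructedhashvalue:16847:0:99999:7:::
pooja::16847:0:99999:7:::
admin2:$6$CONSTRUCTEDSALT$constructedhashvalue:16847:0:99999:7:::
EOF

audit_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```

On a real system, run audit_accounts /etc/passwd /etc/shadow as root, since /etc/shadow is not readable by ordinary users.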
Process Management


Commands to Manage Processes


1) PS
2) TOP
3) PSTREE
4) FREE
5) UPTIME
6) KILL


Managing Processes


PS


PS - This command is used to list the processes that are running on the Linux
system/server. A process is a running instance of a program. There are many commands
which are used to monitor and control processes in Linux, and ps is one such
command used to monitor them. Below are some examples which show its
practical applications.


* ps -ef - Lists all the processes that are currently running, where -e displays all
processes and -f displays the full format listing

* ps -ef | grep ssh - Lists all the processes which are related to ssh

* ps -f -u vagrant,postfix - Lists the processes of the users vagrant and postfix. You can also use
the UID to find the processes of a particular user, like (# ps -f -u 500)

* ps -f -p 1307 - Lists the process which has a PID of 1307. You can list multiple processes by
giving multiple PIDs separated by commas in a single command

* ps -f --ppid 1295 - Lists the processes which have a PPID of 1295

* ps -C crond -L -o pid,pcpu,nlwp - Lists all threads of a particular process (crond). This is
sometimes useful when a process hangs and you need to determine the number of threads running (NLWP)

* ps aux --sort pmem - Sorts the processes by memory usage, with the highest memory consumer at
the bottom. You can further dig into that highest memory consuming PID/PPID and get the memory
percentage. You may use this data to find a memory leak. The -v option gives the
components of virtual memory


TOP


This command is much more interactive and real-time than the ps command. It also
provides the percentage of resources actually consumed by the system.


* top - Opens up an interactive session which gives information about the resource usage


After the top command displays its output screen, it works like an interactive session which requires
you to feed it commands to get the desired output, as below


1. O - Gives you a range of options to sort according to the resources

2. Changes the auto refresh interval

3. k - Kill a process by desired PID

4. SpaceTabKey - For instant refresh

5. top -u vagrant - Lists the process details for a specific user. In this case it is "vagrant"


PSTREE


This command also shows the processes that are running on the system, but in a more
visual way than the ps command: it shows the running processes in the form of a
tree. It requires no root privileges to run this command.


* pstree - Gives you the process tree

* pstree 3039 - Lists a process based on the PID

* pstree -a vagrant - Displays the command line arguments associated with a particular
process for a particular user

* pstree -np - Displays the processes sorted according to PID


FREE


This command gives us the total amount of free and used physical memory and swap memory
of the system. It also gives us information about the buffers used by the kernel.


* free -m - Displays the amount of memory in megabytes. The amount of memory can also be
shown in different units. Following are the options

1. -b for bytes
2. -k for kilobytes
3. -m for megabytes
4. -g for gigabytes
5. --tera for terabytes

* free -ms 5 - Displays the amount of memory in megabytes continuously, every 5
seconds. "-s" is used in the command to achieve this cycle

* free -t - Displays an extra line showing the column totals


UPTIME


This command gives you a one line display of the current time, how long the system has been up,
how many users are logged on, and the system load averages


KILL


This command is used to send Terminate, Stop, Trap, Interrupt etc. signals to a process.


* kill -l - Displays the list of signal numbers that you can choose from

* kill <PID> - Generates the SIGTERM signal, requesting the process to terminate

* kill -9 <PID> - Generates the SIGKILL signal for the process to terminate immediately or forcefully. You
can kill multiple PIDs in the following way (kill -9 1234 4356 234) where 1234, 4356, 234
are distinct processes

* kill -9 can be fed to the system in multiple ways like below

1. kill -s SIGKILL <PID> where SIGKILL is the signal name
2. kill -s 9 <PID> where 9 is the signal number


NOTE :- The signal number can be determined by using the above mentioned command kill -l.
The signal name can be found with the same command too. The shorthand notation of the
signal name can be found with the command kill -l signalnumber. For example, 9 is the
signal number for SIGKILL, and kill -l 9 prints its shorthand notation.
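
SIGTERM asks a process to exit and lets it clean up, while SIGKILL cannot be handled, so the usual order is to send SIGTERM, wait, and use SIGKILL only if the process is still there. The function below is an added example of that sequence, not part of the original book; the name terminate_gracefully and the TERMINATE_RESULT variable are illustrative.

```shell
#!/bin/sh
# Added example: SIGTERM first, SIGKILL only if the process ignores it.

# terminate_gracefully PID [GRACE_SECONDS]
# Sets TERMINATE_RESULT to GONE (no such process), TERM (exited after SIGTERM)
# or KILL (SIGKILL was needed). Returns 1 if the PID survives SIGKILL as well.
terminate_gracefully() {
    pid=$1
    grace=${2:-5}
    TERMINATE_RESULT=
    # Signal 0 delivers nothing; it only tests whether the PID can be signalled.
    if ! kill -0 "$pid" 2>/dev/null; then
        TERMINATE_RESULT=GONE
        return 0
    fi
    # The process may exit between the check and the signal, so ignore errors.
    kill -s TERM "$pid" 2>/dev/null || true
    waited=0
    while [ "$waited" -lt "$grace" ]; do
        sleep 1
        waited=$((waited + 1))
        if ! kill -0 "$pid" 2>/dev/null; then
            TERMINATE_RESULT=TERM
            return 0
        fi
    done
    # Still alive after the grace period: SIGKILL cannot be caught or ignored.
    kill -s KILL "$pid" 2>/dev/null || true
    sleep 1
    if kill -0 "$pid" 2>/dev/null; then
        return 1
    fi
    TERMINATE_RESULT=KILL
    return 0
}

# Demonstration on a constructed background process.
sleep 300 &
terminate_gracefully "$!" 3 && echo "sleep stopped via SIG$TERMINATE_RESULT"
```

Call the function directly rather than inside $( ), because the result is returned in a shell variable.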


Scheduling Jobs


Lab 103 - Scheduling Jobs with Crontab and At


DATE & TIME ZONE


DATE - This command is used to get information about the day, current
date, time, timezone and year


* # date

* # date +%D -s YYYY-MM-DD - Changes the date of the system/server (# date +%D -s 2016-04-01)

* # date +%T -s HH:MM:SS - Changes the time on the system/server (# date +%T -s 23:26:00 -u),
where "-u" is used if your system clock is set to use UTC


Changing Time Zones


Time zones are used to set the time on servers according to your requirement. There are
many methods in practice to change the time zone. One of the easiest ways of changing the
time zone is as follows -


# date - Displays the date, current time and time zone, which is currently UTC

# cd /etc/ - Navigate to the directory /etc

# rm localtime - Remove the file named "localtime"

# ls /usr/share/zoneinfo/Asia - Lists all the timezones available in Asia. If you list the folder
/usr/share/zoneinfo/, you can see all the zones available. You can choose the timezone
accordingly

# ln -s /usr/share/zoneinfo/Asia/Calcutta localtime - Link the Calcutta file from the Asia directory
to the file "localtime"

# date - Displays the time in the IST timezone, showing that your timezone has changed


Network Time Protocol (NTP)


The Network Time Protocol (NTP) enables the accurate setting of time and date
information in order to keep the clocks on networked computer systems synchronized
to a common reference over the network or the Internet. It is a protocol which runs over
port "123" and uses UDP.


Below are the steps to configure an NTP server on your local machine -


NTP Server actions


* # which ntpd - Tells us whether the NTP package is installed on the machine; if it is
installed, the path of the executable is shown

* # yum install ntp - Installs the NTP package on your local machine

* # vi /etc/ntp.conf - Edit the configuration as per the requirement. I have removed server
3.centos.pool.ntp.org and added the loopback address, so that even if my Internet network
goes down, I can fetch the time from my local network or the hardware clock of my machine.
Further, you need to allow clients from your networks to synchronize time with this server. To
accomplish this, add the following line to the NTP configuration file, where the restrict statement
controls which network is allowed to query and sync time. REPLACE NETWORK IPs
ACCORDINGLY

* chkconfig ntpd on - To make the NTP daemon persistent even if the machine reboots, use
chkconfig

* chkconfig --list | grep ntpd - Just to be sure that chkconfig is configured

* service ntpd start - Start the ntpd service

* system-config-firewall - Configure the firewall for port 123, which is used by ntp on the
NTP server/current server

* ntpstat - To check if the ntp service is up and running. From the image you can see
there is a difference of 111ms, which will reduce gradually to lower values. Another way to
cross check the service is the command # ntpq -p, which shows the pool of ntp
servers your server is connected to.


Client Server actions


* Follow steps 1 and 2 as mentioned above in the NTP server actions

* vi /etc/ntp.conf - Enter the IP address of the NTP server we have configured above in the
ntp.conf file of the Client server. Add "prefer" to the entry you make in the ntp.conf file to use the
configured NTP server. The rest of the servers are used just as backup if your NTP server
goes down.

* chkconfig ntpd on - To make the NTP daemon persistent even if the machine reboots

* ntpstat - With this you can see that your Client server is synchronised with your own
NTP server
1. Install MySQL Server
2. Examine the MySQL Configurations
3. Generate MySQL Server Configurations using Percona's Tool
4. Install and Configure MySQL Admin
5. Connect to MySQL Database
6. Create a database and Tables
7. Query Data - SELECT
8. Modify Data - UPDATE/ALTER
9. Backup MySQL Database


Apache


10. Install Apache Web Server with Default Virtual host
11. Examine Apache Configurations
12. Create Virtual Hosts
13. Add Redirect and Rewrite Rules with Apache
14. Configure SSL with Apache


PHP Application


15. Install PHP
16. Configure PHP with Apache
17. Install and setup Wordpress with Apache with MySQL Backend


Nginx


18. Install Nginx
19. Examine Nginx Configurations
20. Configure Nginx as Load Balancer/ Reverse Proxy
21. Configure SSL Certificate with Nginx


Tomcat


22. Install Java and prerequisites
23. Install Tomcat
24. Tomcat Configurations
25. Deploy a Sample Application with Tomcat


Install MySQL Server 


Install mysql-server 


sudo yum install mysql-server 


Start mysqld service 


sudo service mysqld start 


Validate 


sudo service mysqld status 


[Expected Output: "Should be Running"] 


Install MySQL Client


sudo yum install mysql


To set/reset a root MySQL password


Guide to reset root password 


Reset MySQL Root Password (On MySQL Version 5.7.6 and later)


Stop MySQL Service and Start it again with --skip-grant-tables options


sudo service mysqld stop
sudo mysqld_safe --skip-grant-tables &

While the server runs with --skip-grant-tables, anyone who can connect to it gets full access
without a password, so complete the reset and restart the service promptly.

Login to mysql server

mysql

From MySQL Prompt reset the password


FLUSH PRIVILEGES;


For MySQL 5.7.6 and later


ALTER USER 'root'@'localhost' IDENTIFIED BY 'password';


For MySQL 5.7.5 and earlier


SET PASSWORD FOR 'root'@'localhost' = PASSWORD('[password]');


d to logout 


Restart MySQL Service 


service mysqld stop
service mysqld start


Validate 


mysql -u root -p [Enter Password and login ] 
Generate MySQL Configs using Percona Wizard


- Visit the Percona site (https://tools.percona.com)

- Click on Create Your MySQL Configuration

- Create an account or sign in (if you already have an account)

- Go to the Dashboard and click on Configure a New Server

- Answer the questions in the configuration wizard and click on Next (you can leave blank
the fields which are not mandatory)

- After clicking on DONE you will get your MySQL configuration file
Install And Configure Apache


- Install apache


sudo yum install httpd


- Start httpd service


sudo service httpd start

Direct your browser to your server's IP address.

Note :- If you are not able to access the page, check the firewall (iptables): sudo service iptables
stop.


- Create Virtual Hosts 


1. create below directory 


sudo mkdir -p /var/www/schoolofdevops 
cd /var/www/schoolofdevops 
2. create index.html file and put below content


<h1>Welcome to School of Devops</h1>


3. create new virtual host file


sudo touch /etc/httpd/conf.d/schoolofdevops.conf


4. put below content in new virtual host file i.e.
schoolofdevops.conf


<VirtualHost *:80> 
ServerAdmin root 
ServerName schoolofdevops.org 
ServerAlias www.schoolofdevops.org 
DocumentRoot /var/www/schoolofdevops/ 
</VirtualHost> 


5. restart httpd service 


sudo service httpd restart 


6. visit our new page (http://serverip) 




attach ssl certificate to schoolofdevops site 


1. create ssl certificate and store them in /etc/httpd/ssl 
directory 


follow this lab to create ssl certificate 


2. install mod_ssl module 


sudo yum install mod_ssl 


3. add below content in
/etc/httpd/conf.d/schoolofdevops.conf file


<VirtualHost *:443>
ServerAdmin root
ServerName schoolofdevops.org
ServerAlias www.schoolofdevops.org
DocumentRoot /var/www/schoolofdevops/
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
</VirtualHost>


4. visit our https page (https://serverip) 


Click on Proceed to IP button to check your page 




Create and attach ssl certificate 


- Make directory for the certificate 


sudo mkdir /etc/httpd/ssl 
cd /etc/httpd/ssl 


- Create a server key and Certificate Signing Request


o Creating the private server key


sudo openssl genrsa -des3 -out server.key 2048


Note:- you will be asked to enter a specific passphrase. Be sure to note this
phrase carefully


o Creating a certificate signing request: 


sudo openssl req -new -key server.key -out server.csr 


[vagrant@node conf.d]$ sudo openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:maharashtra
Locality Name (eg, city) [Default City]:pune
Organization Name (eg, company) [Default Company Ltd]:initcron
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:10.0.0.3
Email Address []:abcd@initcron.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

"Common Name" :- Enter your official domain name here or, if you don't have one yet, 
your site's IP address. 


- Remove the passphrase 


sudo cp server.key server.tmp 
sudo openssl rsa -in server.tmp -out server.key 


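Note:- With a passphrase on the key, every time the web server (Apache or nginx) crashes or
is restarted you have to re-enter the passphrase to get the web server back online. Removing
the passphrase avoids this, but it leaves the private key unencrypted on disk, so keep
server.key readable by root only.


- Sign your ssl certificate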


sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 
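

A check to run on the files produced above before attaching them to a web server, as an added example that is not part of the original lab: it confirms that server.key and server.crt belong together, reads the certificate's key size and remaining validity, and tightens permissions on the passphrase-less key. The function names, the 2048-bit minimum and the 30-day window are assumptions of this example; only standard openssl subcommands are used.

```sh
#!/bin/sh
# Added example (hypothetical function names): sanity checks for a
# key/certificate pair before Apache or nginx is pointed at it.

# Succeeds when the certificate was issued for this private key:
# the public key derived from each file must be identical.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_matches_cert() {
    kmc_key=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$kmc_key" = "$kmc_crt" ]
}

# Prints the size in bits of the public key inside the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeeds when certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# check_pair KEY CERT [MIN_BITS]
# Runs every check, explains the first failure and returns non-zero.
check_pair() {
    cp_key=$1
    cp_crt=$2
    cp_min_bits=${3:-2048}
    if ! key_matches_cert "$cp_key" "$cp_crt"; then
        echo "FAIL: key and certificate do not match" >&2
        return 1
    fi
    cp_bits=$(cert_key_bits "$cp_crt")
    if [ "${cp_bits:-0}" -lt "$cp_min_bits" ]; then
        echo "FAIL: ${cp_bits:-unknown}-bit key is below $cp_min_bits bits" >&2
        return 1
    fi
    if ! cert_valid_for_days "$cp_crt" 30; then
        echo "FAIL: certificate expires within 30 days" >&2
        return 1
    fi
    # The passphrase was removed, so file permissions are the only
    # protection the private key has left.
    chmod 600 "$cp_key" || return 1
    echo "OK: $cp_bits-bit key, matches certificate, valid for 30+ days"
}

# Usage: sh check_cert.sh /etc/httpd/ssl/server.key /etc/httpd/ssl/server.crt
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

A mismatched pair is one of the usual reasons httpd refuses to start after mod_ssl is configured, so running the check before `service httpd restart` saves a failed restart.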


Install php 


- install php5 with mysql bindings


sudo yum install php php-mysql
sudo service httpd restart


- create info.php file and display it on browser 


o follow this lab to install apache if it is not installed 


Install and configure apache 


o Create the info.php file and add below content. 


sudo vi /var/www/schoolofdevops/info.php 


o Check your info.php page by
http://youripaddress/info.php


[Screenshot: phpinfo() page for the server, listing the system line, the configure command, the Server API (Apache 2.0 Handler) and the loaded php.ini files]


Install and setup Wordpress with Apache
with MySQL Backend


1. Install and configure apache (skip this step if
already installed)


follow this lab to install and configure apache


2. install mysql-server


follow this lab to install and configure mysql


3. install php5 


follow this link to install php5 


4. Install and configure wordpress application 


o Download wordpress application


cd /var/www/html
wget https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
chown -R apache:apache wordpress
rm -rf latest.tar.gz


o Create database wordpress with full access to user 
wordpress 


go to MySQL shell

mysql -u root -p

create database for wordpress
CREATE DATABASE wordpress;


create user for wordpress
CREATE USER wordpress@localhost;


set password for wordpress user
SET PASSWORD FOR wordpress@localhost = PASSWORD('password');


Grant PRIVILEGES to wordpress user for wordpress database.

GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost IDENTIFIED BY 'password';

FLUSH PRIVILEGES;

exit


o Configure wordpress application 


Note:- Overwrite the index.php file, or remove any old index.php file which we
have created, before copying

sudo cp -r ./wordpress/* /var/www/schoolofdevops


The Wordpress application requires one PHP module which is not present on your
server: php-gd

sudo yum install php-gd
yum info php-gd


Edit the wp-config.php file and set the appropriate values for the variables below
vi /var/www/schoolofdevops/wp-config.php


// ** MySQL settings - You can get this info from your web host ** // 
/** The name of the database for WordPress */ 
define('DB_NAME', 'database_name_here'); 


/** MySQL database username */ 
define('DB_USER', 'username_here'); 


/** MySQL database password */ 
define('DB_PASSWORD', 'password_here'); 


/** MySQL hostname */ 
define('DB_HOST', 'localhost'); 


sudo service httpd restart 


o Check your wordpress application by visiting
(http://youripaddress)


[Screenshot: the WordPress installation page (wp-admin/install.php) at 10.0.0.3, asking for a username, password and email address, with the search engine visibility option and the "Install WordPress" button]


Database Backups and Restore


Backing up Wordpress using mysqldump 


cd /opt 
mysqldump -u [username] -p[password] [database_name] > [wordpress_backup.sql] 


Test the Backup 


On the DB Server 


Login to MySQL and verify existing data 


mysql -u root -p
USE wordpress;
SHOW TABLES;


From MySQL Prompt, Delete Wordpress Database 


USE mysql;
DROP DATABASE wordpress;


[Output: Query OK, 12 rows affected (0.28 sec)] 


Validate the wordpress database is deleted 


| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)


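Restore

A dump of a single database does not contain a CREATE DATABASE statement, so recreate the empty database first and then load the dump into it.

mysql -u root -p -e "CREATE DATABASE wordpress;"
mysql -u root -p wordpress < /opt/wordpress_backup.sql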


Validate Data Restore 


mysql -u root -p
USE wordpress;
SHOW TABLES;


Scheduling Daily/Nightly Backups 


o Create a file wordpress_backup.sh and edit it


vi /root/wordpress_backup.sh


o Write backup script for wordpress dump


#!/bin/bash

# date stamp for the dump file name, e.g. 2016-02-19
current_date=$(date +%Y-%m-%d)
sudo mkdir -p ~/wordpress_backup
cd ~/wordpress_backup

# dump the wordpress database into a dated file
sudo mysqldump -u root -ppassword wordpress > wordpress_backup_${current_date}.sql


o Schedule above script at 12:00 am daily


crontab -e


add below entry in crontab as follow
0 0 * * * /bin/bash /root/wordpress_backup.sh
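

A hardened variant of the backup job above, as an added example rather than the lab's own script: the MySQL password is read from a root-only option file instead of being passed with -p on the command line (where it shows up in the process list and in the script itself), dump files are created with mode 600, a truncated dump is rejected, and old dumps are pruned. The option file path /root/.wordpress_backup.cnf, the 14-day retention and the function names are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical names and paths): wordpress_backup.sh with
# the credentials kept out of the command line.
#
# Assumed /root/.wordpress_backup.cnf (owner root, chmod 600):
#   [client]
#   user=root
#   password=<your password>

BACKUP_DIR=${BACKUP_DIR:-/root/wordpress_backup}
DEFAULTS_FILE=${DEFAULTS_FILE:-/root/.wordpress_backup.cnf}
KEEP_DAYS=${KEEP_DAYS:-14}

# A complete mysqldump ends with a "-- Dump completed" comment line;
# an empty file or one cut off mid-table does not.
dump_is_complete() {
    [ -s "$1" ] && tail -n 1 "$1" | grep -q '^-- Dump completed'
}

# backup_db DATABASE
# Dumps the database into BACKUP_DIR and prints the file name on success.
backup_db() {
    bd_db=$1
    bd_out="$BACKUP_DIR/${bd_db}_backup_$(date +%Y-%m-%d).sql"
    umask 077                    # new files 600, new directories 700
    mkdir -p "$BACKUP_DIR" || return 1
    # --defaults-extra-file must be the first option on the command line.
    # The dump is written under a temporary name and renamed only once it
    # has been verified, so a failed run never leaves a plausible backup.
    if mysqldump --defaults-extra-file="$DEFAULTS_FILE" --single-transaction \
            "$bd_db" > "$bd_out.partial" && dump_is_complete "$bd_out.partial"; then
        mv "$bd_out.partial" "$bd_out"
        echo "$bd_out"
    else
        rm -f "$bd_out.partial"
        echo "backup of $bd_db failed or was truncated" >&2
        return 1
    fi
}

# Deletes dumps older than KEEP_DAYS days.
prune_old() {
    find "$BACKUP_DIR" -type f -name '*_backup_*.sql' \
        -mtime +"$KEEP_DAYS" -exec rm -f {} +
}

# Usage from cron: 0 0 * * * /bin/sh /root/wordpress_backup.sh wordpress
if [ "$#" -ge 1 ]; then
    backup_db "$1" >/dev/null && prune_old
fi
```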


Install and configure nginx as a reverse
proxy


1. we have to run apache in the backend and
nginx in the frontend, so to run both on one
server we need to change the port of apache.


o Edit the httpd.conf file, find the below line and change the port number to 8080


sudo vi /etc/httpd/conf/httpd.conf


#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 8080


Restart Apache and validate


service httpd restart
netstat -pan | grep 8080


[Output: tcp 0 0 :::8080 :::* LISTEN 10170/httpd]


2. Install nginx 


sudo yum install nginx 


3. Configure nginx for apache 


o Create a file wordpress.conf


vi /etc/nginx/conf.d/wordpress.conf


o Add the below block of code


server {
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:8080/; # add the IP of your apache server
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


4. Do a configuration test 


sudo service nginx configtest 


5. Disable Default Host Config for Nginx 


mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak 


6. Reload the nginx config 


sudo service nginx reload 


7. visit the info.php page and check the variable
value


[Screenshot: 10.0.0.3/info.php, where SERVER_SIGNATURE reads "Apache/2.2.15 (CentOS) Server at 10.0.0.3 Port 80"]


Create and attach ssl certificate to nginx


1. create ssl certificate 


Use this lab to create ssl certificate


2. edit the wordpress.conf file 
(/etc/nginx/conf.d/wordpress.conf) 


vi /etc/nginx/conf.d/wordpress.conf


3. Append the block of code below to existing
configurations


server {
    # the "ssl" parameter on listen replaces the older "ssl on;" directive
    listen 443 ssl;

    ssl_certificate /etc/httpd/ssl/server.crt;
    ssl_certificate_key /etc/httpd/ssl/server.key;

    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


Note:- if you are using 443 port on apache then change the port to something else like
listen 445


server {
    listen 80;

    location / {
        proxy_pass http://10.0.0.3:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;

    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location / {
        proxy_pass http://10.0.0.3:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


4. Visit the info.php page


[Screenshot: browser at https://10.0.0.3/info.php showing the "Your connection is not private" warning]

Install and configure tomcat 


1. install java 


sudo yum install java-1.7.0-openjdk 


2. install tomcat 


sudo yum install tomcat 


sudo yum install tomcat-webapps tomcat-admin-webapps 


3. configure the tomcat 


o open tomcat.conf file


sudo vi /etc/tomcat/tomcat.conf


o add the below JAVA_OPTS line


JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xmx512m -XX:MaxPermSize=256m -XX:+UseConcMarkSweepGC"


o Put the appropriate value of JAVA_HOME


JAVA_HOME="/usr/lib/jvm/jre-1.7.0-openjdk.x86_64/"


# System-wide configuration file for tomcat services
# This will be sourced by tomcat and any secondary service
# Values will be overridden by service-specific configuration
# files in /etc/sysconfig
#
# Use this one to change default values for all services
# Change the service specific ones to affect only one service
# (see, for instance, /etc/sysconfig/tomcat)
#

# Where your java installation lives
JAVA_HOME="/usr/lib/jvm/jre-1.7.0-openjdk.x86_64/"

# Where your tomcat installation lives
CATALINA_BASE="/usr/share/tomcat"
CATALINA_HOME="/usr/share/tomcat"
JASPER_HOME="/usr/share/tomcat"
CATALINA_TMPDIR="/var/cache/tomcat/temp"

# You can pass some parameters to java here if you wish to
#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"

# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib"

# What user should run tomcat
TOMCAT_USER="tomcat"

# You can change your tomcat locale here
#LANG="en_US"

# Run tomcat under the Java Security Manager
SECURITY_MANAGER="false"

# Time to wait in seconds, before killing process
SHUTDOWN_WAIT="30"

# Whether to annoy the user with "attempting to shut down" messages or not
SHUTDOWN_VERBOSE="false"

# Set the TOMCAT_PID location
CATALINA_PID="/var/run/tomcat.pid"

# Connector port is 8080 for this tomcat instance
#CONNECTOR_PORT="8080"

# If you wish to further customize your tomcat environment,
# put your own definitions here
# (i.e. LD_LIBRARY_PATH for some jdbc drivers)

JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xmx512m -XX:MaxPermSize=256m -XX:+UseConcMarkSweepGC"


4. Change the tomcat's default port from 8080
to 9090 (skip this step if you are not running
anything on port 8080)


Note:- the default port on which tomcat runs is 8080, but we are already running apache on
that port.


o Open file server.xml


sudo vi /etc/tomcat/server.xml


o find the below line


<Connector port="8080" protocol="HTTP/1.1"


o Change the port from 8080 to 9090


<Connector port="9090" protocol="HTTP/1.1"


o restart the tomcat service


sudo service tomcat restart 


5. open the tomcat management console 


http://serveripaddress:9090


[Screenshot: the Apache Tomcat/7.0.33 default home page at 10.0.0.3:9090, with links to the Manager App and Host Manager and the notice that, for security, access to the manager webapp is restricted to users defined in $CATALINA_HOME/conf/tomcat-users.xml]


6. Configure Tomcat Web Management Interface


- open tomcat-users.xml file


sudo vi /opt/tomcat/conf/tomcat-users.xml


- add the below line between <tomcat-users>...</tomcat-users>
(change the username and password accordingly)


<user username="initcron" password="password" roles="manager-gui,admin-gui"/>


[Screenshot: tomcat-users.xml with the <user> line above added inside <tomcat-users>. The file's own comment notes that by default no user is included in the "manager-gui" role required to operate the "/manager/html" web application, and that the sample user and role entries are wrapped in a comment and are ignored until the comment markers around them are removed.]


Restart the tomcat service 


sudo service tomcat restart 


Note:- now if you click on server setup or another option, you will have to enter the
above credentials


7. setup sample application 


Download sample application 


wget https://tomcat.apache.org/tomcat-6.0-doc/appdev/sample/sample.war


move the sample application to 
CATALINA_HOME/webapps directory 
(/usr/share/tomcat/webapps) 


Note:- you can see CATALINA_HOME variable value in /etc/tomcat/tomcat.conf 
file 


mv sample.war /usr/share/tomcat/webapps


o visit sample application by http://ip-address:9090/sample


[Screenshot: the Sample "Hello, World" Application home page, with links to a JSP page and to a servlet]


ping, ping6:-


send ICMP ECHO_REQUEST to network hosts. It is used to check connectivity between two
nodes. Ping uses the ICMP protocol. ping6 is the IPv6 version of ping, and can also send Node
Information Queries (RFC4620).


Usage:-


ping [-aAbBdDfhLnOqrRUvV] [-c count] [-F flowlabel] [-i interval] [-I interface] [-l preload] [-m
mark] [-M pmtudisc_option] [-N node-info_option] [-w deadline] [-W timeout] [-p pattern] [-Q
tos] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp option] [hop ...] destination


Options:- 


1. ping IP_addr/domain_name 


By default, ping without any option is used to check the network connection between two nodes by
sending & receiving packets to & from the nodes.


root@vagrant-ubuntu-trusty-64: /home/vagrant# ping www.google.com
PING www.google.com (216.58.197.36) 56(84) bytes of data.
64 bytes from maa03s20-in-f4.1e100.net (216.58.197.36): icmp_seq=1 ttl=57 time=51.1 ms
64 bytes from maa03s20-in-f4.1e100.net (216.58.197.36): icmp_seq=2 ttl=57 time=10.3 ms
64 bytes from maa03s20-in-f4.1e100.net (216.58.197.36): icmp_seq=3 ttl=57 time=11.4 ms

--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 10.363/24.335/51.197/18.999 ms


2. ping -a IP_addr/domain_name


Ex. ping -a www.google.com


Audible ping: it beeps after every packet transmission & reception.


3. ping domain_name
Ex. ping www.google.com


Used to find out the IP address of the specified domain name.


4. ping [-i interval] IP_addr/domain_name
Ex. ping -i 5 www.google.com


This is used to increase/decrease the ping time interval, as mentioned in the command. By default ping
waits 1 sec between packets, but with this option we can increase/decrease the time
interval.


5. ping [-c count] IP_addr/domain_name


Ex. ping -c 4 www.google.com


By default the ping command does not stop automatically; we have to terminate it with CTRL+c. With this option
we can specify the number of packets ping sends; once it is done it stops automatically.


6. ping -f IP_addr/domain_name


Ex. ping -f www.google.com


Flood ping. It prints a "." for every ECHO_REQUEST sent & a backspace for every
ECHO_REPLY received. This speeds up the output: ping can send thousands of packets in a few seconds.


7. ping [-l preload] IP_addr/domain_name


Ex. ping -l 4 www.google.com


If the preload option is specified, ping sends that many packets without waiting for a reply.
A preload value of more than 3 requires sudo privileges.


8. ping [-p pattern] IP_addr


Ex. ping -p aa 127.0.0.1


You may specify up to 16 "pad" bytes to fill out the packet you send. This is useful for
diagnosing data-dependent problems in a network. For example, -p ff will cause the sent
packet to be filled with all ones.


9. ping [-m mark] IP_addr


Ex. ping -m 10 127.0.0.1


This extends ping to send a packet out based on a given mark using the -m option. Useful with
policy routing to take different paths to the same destination.


10. ping -q IP_addr
Ex. ping -q 127.0.0.1


With the q option ping prints nothing on screen while it runs; when we terminate the command it prints
only the ping statistics summary.


root@vagrant-ubuntu-trusty-64: /home/vagrant# ping -q 127.0.0.1 
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.


--- 127.0.0.1 ping statistics --- 
26 packets transmitted, 26 received, 0% packet loss, time 24997ms 
rtt min/avg/max/mdev = 0.023/0.059/0.080/0.013 ms 


11. ping [-s packetsize] IP_addr
Ex. ping -s 110 127.0.0.1


With the s option we can modify the packet size of the ping command. By default its range is
between 56 to 100. Ping has a header size of '28', so the total bytes sent by ping =
ping packet size + ping header size.


root@vagrant-ubuntu-trusty-64: /home/vagrant# ping -s 110 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 110(138) bytes of data.
118 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.028 ms
118 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.054 ms
118 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.058 ms
118 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.052 ms
^C
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.028/0.048/0.058/0.011 ms


Here total bytes sent = 110 + 28 = 138


12. ping [-w deadline] IP_addr 


Ex. ping -w 4 127.0.0.1


Ping by default gives continuous output; it does not terminate itself. If we specify the 'w' option with a
time, then ping stops automatically after the time interval given in the command.


root@vagrant-ubuntu-trusty-64: /home/vagrant# ping -w 4 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.049 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.052 ms
^C
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.023/0.041/0.052/0.014 ms


Time = 3998ms (~4sec)


13. ping -R IP_addr


Ex. ping -R 127.0.0.1


With option 'R' ping records & prints the network route through which packets are sent
& received.

root@vagrant-ubuntu-trusty-64: /home/vagrant# ping
PING 127.0.0.1 (127.0.0.1) 56(124) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.
RR: 127.0.0.1


bytes from 2.8.1: icmp_seq=2 ttl=64 (same route)
bytes from .0.0.1: icmp_seq=3 ttl=64 time=0.055 (same route)
bytes from 2.0.1: icmp_seq=4 ttl=64 time=0.060 (same route)
bytes from 0.0.1: icmp_seq=5 ttl=64 time=0.060 (same route)


--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 0.023/0.050/0.060/0.014 ms


14. ping [-M pmtudisc_option] IP_addr
Ex. ping -M do 127.0.0.1


Select Path MTU Discovery strategy. There are three parameters provided for MTU
discovery: do/dont/want. These are used along with the packet size; if the packet size is greater than the
maximum data payload, then depending on the MTU parameter specified ping decides whether to fragment the
packet or not.


15. ping IP_addr IP_addr IP_addr


Ex. ping 192.168.2.3 192.168.33.1 192.168.64.1


We can specify the path by which the ping packet reaches the destination address. But here it is important that if
any one hop on the path is not reachable, then ping fails to send the packet to the destination address.


16. ping -D IP_addr


Ex. ping -D 127.0.0.1


It prints a time stamp before each line in the format (unix time + microseconds as in gettimeofday)


17. ping localhost/127.0.0.1/0


These are the ways we can ping localhost.


18. ping -V


This shows the current version of ping on your machine.


root@vagrant-ubuntu-trusty-64: /home/vagrant# ping -V
ping utility, iputils-s20121221


Lab 


Telnet:-


User interface to the TELNET protocol. The telnet command belongs to the DARPA command set and
allows you to log on to a remote machine. It is used for interactive communication with a remote
host. When the telnet command is run with a host IP address on the command line, it opens the telnet
command prompt & requires a password to log in to the other host. As long as you are
logged in to the remote machine, your machine acts like a dumb terminal: it just provides
the interface to the remote machine.


With the escape character we can switch between the remote machine & the local
machine. Default escape character: "Ctrl + ]". Once you press this you can work with
your local machine; at the start of every command you have to type an exclamation mark '!'.
We can end the remote session with the exit command, after which we are back on our local machine.


Telnet is not secure - everything is sent in plain text, be it over a local network or over the
Internet, so anyone who can see the traffic can read your information, including your password. It is old and text based
only; there are no graphics provided.


telnet is not installed by default; we have to install it from the yum or apt repository.
yum install telnet


apt-get install telnet


Usage:- 


telnet [-468ELadr] [-S tos] [-b address] [-e escapechar] [-l user] [-n tracefile] [host [port]]


1. telnet IP_addr


ex. telnet 192.168.2.5


With this command you are able to log in to the remote machine, provided you give the login information &
password. Your local machine provides a terminal to work on the remote machine using the telnet
command.


Trying 192.168.2.5...
Connected to 192.168.2.5.
Escape character is '^]'.
Ubuntu 14.04.3 LTS
vagrant-ubuntu-trusty-64 login: ashu
Password:
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-77-generic x86_64)

* Documentation: https://help.ubuntu.com/

System information as of Fri Feb 19 07:53:34 UTC 2016

System load: 0.15 Users logged in: 1
Usage of /: 8.7% of 39.34GB IP address for eth0: 10.0.2.15
Memory usage: 44% IP address for eth1: 192.168.2.5
Swap usage: 0% IP address for docker0: 172.17.0.1
Processes: 92

Graph this data and manage this system at:
https://landscape.canonical.com/

Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

ashu@vagrant-ubuntu-trusty-64:~$


2. telnet -4/6 IP_addr 


Force IPv4/IPv6 address resolution. 


3. telnet -E IP_addr


It disables the escape character functionality. If this functionality is removed it is not possible to
switch between the remote machine & the local machine.


4. telnet -l [user_name] IP_addr


ex. telnet -l ashu 192.168.2.5


With the "-l" option we can log in to the remote host with a specific user name, which must be
present on the remote machine. With this command telnet directly prompts you for the password, as it
already has the user name.

root@vagrant-ubuntu-trusty-64: /home/vagrant# telnet -l ashu 192.168.2.5
Trying 192.168.2.5...
Connected to 192.168.2.5.
Escape character is '^]'.

Password:
Last login: Fri Feb 19 08:50:31 UTC 2016 from 192.168.2.8 on pts/2
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-77-generic x86_64)


5. telnet -e [escapechar] IP_addr 


With this we can replace the default escape character with the new one specified in the
command.


6. telnet -r IP_addr


Emulate rlogin(1). In this mode, the default escape character is a tilde. Also, the
interpretation of the escape character is changed: an escape character followed by a dot
causes telnet to disconnect from the remote host. A ^Z instead of a dot suspends telnet, and
a ^] (the default telnet escape character) generates a normal telnet prompt. These codes are
accepted only at the beginning of a line.


7. telnet IP_addr port [port_no]


By default telnet uses port 23. We can change the port or service with this command as we want.


8. telnet -n tracefile IP_addr


It is used to record trace information in the file we specify on the command line, but to record trace
information it is necessary to set the trace file first.


Lab 


Nmap :- 


Nmap ("Network Mapper") is an open source tool for network exploration and security
auditing. Nmap determines what hosts are available on the network, what services those hosts are offering,
what type of operating system they are running, and what type of firewall is in use. It is a useful utility for
network & system administrators. The output from Nmap is a list of scanned targets, with
information on each depending on the options used. nmap is a command line tool for scanning a
host / network, security scanning, and finding open ports. Nmap is available in the package
repository of most linux distributions. We have to install it.


apt-get install nmap 


yum install nmap 
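

When nmap is used to audit your own servers, the port table it prints can be compared with the services each host is supposed to expose. The following is an added example, not part of the original text: it parses nmap's normal output and reports every open port that is missing from an allowlist. The sample scan is constructed in the format of the reports shown in this section, and the allowlist format ("host port/proto" per line) and function names are assumptions.

```sh
#!/bin/sh
# Added example: flag open ports that are not in a per-host allowlist.
# Input is nmap normal output, e.g. saved with: nmap 192.168.2.8 > scan.txt

# unexpected_ports SCAN_FILE ALLOW_FILE
# Prints "host port/proto service" for each open port not allowlisted.
unexpected_ports() {
    awk '
        # Allowlist file: lines of "host port/proto"; "#" starts a comment.
        FILENAME == ARGV[1] {
            sub(/#.*/, "")
            if (NF >= 2) allowed[$1 " " $2] = 1
            next
        }
        # "Nmap scan report for name (ip)" or "Nmap scan report for ip"
        /^Nmap scan report for / {
            host = $NF
            gsub(/[()]/, "", host)
            next
        }
        # Port table rows look like "80/tcp open http"
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            if (!((host " " $1) in allowed))
                print host, $1, $3
        }
    ' "$2" "$1"
}

# Constructed sample data, in the format of the reports in this section.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/scan.txt" <<'EOF'
Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 16:26 UTC
Nmap scan report for server (192.168.2.8)
Host is up (0.000011s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind

Nmap scan report for 192.168.2.5
Host is up (0.00020s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
23/tcp open  telnet

Nmap done: 2 IP addresses (2 hosts up) scanned in 2.83 seconds
EOF
    cat > "$d/allowed.txt" <<'EOF'
# host        port/proto
192.168.2.8   22/tcp
192.168.2.8   80/tcp
192.168.2.5   22/tcp
EOF
    unexpected_ports "$d/scan.txt" "$d/allowed.txt"
    rm -rf "$d"
}

# With two arguments audit real files, otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then
    unexpected_ports "$1" "$2"
else
    demo
fi
```

In the demo the rpcbind port on 192.168.2.8 and the telnet port on 192.168.2.5 are reported, because neither is in the allowlist.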


options:- 


1. nmap IP_addr. 


Ex. nmap 192.168.2.8 


Nmap with an IP address scans that address & gives you information on services, open ports and the mac
address.


root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap 192.168.2.8


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 16:26 UTC
Nmap scan report for server (192.168.2.8)
Host is up (0.000011s latency).
Not shown: 997 closed ports 
STATE SERVICE 
open ssh 
open http 
open rpcbind 


Nmap done: 1 IP address (1 host up) scanned in 2.83 seconds 


2. nmap domain_name 


ex. nmap www.google.com 


nmap scan server name & gives you IP address, list out services, open port information, 
mac address. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap www.google.com 


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 16:28 UTC 
Nmap scan report for www.google.com (216.58.197.36) 
Host is up (0.0073s latency).
rDNS record for 216.58.197.36: maa03s20-in-f4.1e100.net
Not shown: 998 filtered ports 
STATE SERVICE 
open http 
443/tcp open https 


Nmap done: 1 IP address (1 host up) scanned in 14.77 seconds 


3. nmap -v IP_addr/domain_name 


Gives detailed information about the remote host (verbose display).


4. nmap IP_addr with wildcard character "*"


Ex. nmap 192.168.2.* or nmap 192.168.2.0/24


With the wildcard character we can scan an entire IP address range & subnet. It gives
information on all hosts, whether up or down.


Nmap scan report for hkg12s01-in-f30.1e100.net (216.58.197.126)
Host is up (0.00046s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https


Nmap scan report for hkg12s01-in-f31.1e100.net (216.58.197.127)
Host is up (0.0035s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https


Stats: 0:17:06 elapsed; 128 hosts completed (192 up), 64 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 7.38% done; ETC: 17:43 (0:54:12 remaining)


5. nmap IP_addr with last octet 


Ex. nmap 216.58.197.93,125 


With nmap we can scan multiple IP addresses just by specifying the last octets, as shown in the
example.


root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap 216.58.197.93,125


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 16:50 UTC
Nmap scan report for maa03s21-in-f29.1e100.net (216.58.197.93)
Host is up (0.0030s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https


Nmap scan report for hkg12s01-in-f29.1e100.net (216.58.197.125)
Host is up (0.0013s latency).
All 1000 scanned ports on hkg12s01-in-f29.1e100.net (216.58.197.125) are filtered


Nmap done: 2 IP addresses (2 hosts up) scanned in 6.91 seconds 


6. nmap IP_addr range 


Ex nmap 216.58.197.90-93 


With nmap command we can scan IP address range as specified in above example. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap 216.58.197.50-52 


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 16:57 UTC 
root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap 216.58.197.50-51 


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 16:58 UTC 
Nmap scan report for maa03s20-in-f18.1e100.net (216.58.197.50) 
Host is up (0.036s latency). 
Not shown: 998 filtered ports 
PORT STATE SERVICE 
80/tcp open http 
443/tcp open https 


Nmap scan report for maa03s20-in-f19.1e100.net (216.58.197.51) 
Host is up (0.036s latency). 
Not shown: 998 filtered ports 
PORT STATE SERVICE 
80/tcp open http 
443/tcp open https 


Nmap done: 2 IP addresses (2 hosts up) scanned in 46.40 seconds 


7. nmap -A IP_addr 


With the “-A” option nmap gives script scanning output, traceroute and the OS version of the 
given host. 


8. nmap -O IP_addr 


[-O --osscan-guess] 


With the ‘-O’ option it gives the OS and the OS version of the remote host. 


9. nmap IP_addr wildcard[*] --exclude IP_addr 


Ex. nmap 192.168.2.* --exclude 192.168.2.8 


With this command, as shown in the example, we can exclude an IP address from the scan 
when we use the wildcard character to scan all 256 hosts in the last octet. 


10. nmap -iL example.txt 


cat > example.txt 
localhost 
192.168.2.2 
192.168.22.1 


With a file given to the nmap command we can scan all the IP addresses and server host 
names listed in it. 


11. nmap -sA IP_addr/ domain_name 


With the “-sA” option we can determine whether a host is protected by a firewall. 


root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap -sA www.google.com 


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 17:02 UTC 
Nmap scan report for www.google.com (216.58.197.36) 
Host is up (0.000012s latency). 
rDNS record for 216.58.197.36: maa03s20-in-f4.1e100.net 
All 1000 scanned ports on www.google.com (216.58.197.36) are unfiltered 


Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds 


12. nmap -PN IP_addr/domain_name 


With this option nmap can scan a host protected by a firewall. 


13. nmap -sP IP_addr/subnet mask 


Ex. nmap -sP 192.168.2.2/24 


With this we can find which hosts are up; it reports only running hosts, like the ping utility. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap 192.168.2.1/24 


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 17:12 UTC 
Nmap scan report for 192.168.2.1 
Host is up (0.00080s latency). 

Not shown: 998 filtered ports 

PORT STATE SERVICE 

2869/tcp open icslap 

5357/tcp open wsdapi 

MAC Address: 0A:00:27:00:00:00 (Unknown) 


Nmap scan report for 192.168.2.5 
Host is up (0.00030s latency). 
Not shown: 996 closed ports 
STATE SERVICE 
open ssh 
open telnet 
open http 
open rpcbind 
MAC Address: 08:00:27:26:DB:C1 (Cadmus Computer Systems) 


Nmap scan report for server (192.168.2.8) 
Host is up (0.0000021s latency). 
Not shown: 997 closed ports 

STATE SERVICE 

open ssh 

open http 

open rpcbind 


Nmap done: 256 IP addresses (3 hosts up) scanned in 101.06 seconds 


14. nmap -F IP_addr 


To perform fast scan “-F” option is used. 


15. nmap -r IP_addr 


It is used to scan sequentially. 


16. nmap -p IP_addr 


Ex. nmap -p 80 192.168.2.2 
nmap -p T:80 192.168.2.2 
nmap -p U:54 192.168.2.2 
nmap -p 80,22 192.168.2.2 
nmap -p 80-443 192.168.2.2 


With the “-p” option we scan for a specific port. We can give the port number directly in the 
command, or prefix it with the port type (TCP or UDP); multiple ports can also be scanned in a 
single command line. 


17. nmap -iflist 


With this command we can find out network interfaces & route information. It is useful during 
debugging. 


root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap -iflist 


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 17:15 
************************INTERFACES************************ 
DEV (SHORT) IP/MASK TYPE UP MTU MAC 
eth0 (eth0) 10.0.2.15/24 ethernet up 1500 08:00:27:FD:9E:15 
eth0 (eth0) fe80::a00:27ff:fefd:9e15/64 ethernet up 1500 08:00:27:FD:9E:15 
eth1 (eth1) 192.168.2.8/24 ethernet up 1500 08:00:27:B2:5A:65 
eth1 (eth1) fe80::a00:27ff:feb2:5a65/64 ethernet up 1500 08:00:27:B2:5A:65 
lo (lo) 127.0.0.1/8 loopback up 65536 
lo (lo) ::1/128 loopback up 65536 


DST/MASK DEV METRIC GATEWAY 
10.0.2.0/24 eth0 0 
192.168.2.0/24 eth1 0 
0.0.0.0/0 eth0 
::1/128 lo 
fe80::a00:27ff:feb2:5a65/128 lo 
fe80::a00:27ff:fefd:9e15/128 lo 
77/64 eth 
77/64 ethi 
sce eth@ 
77/8 eth1 


18. nmap -V IP_addr 


With the “-V” option we can find the currently installed version of nmap on the local machine. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap -V 


Nmap version 6.40 ( http://nmap.org ) 
Platform: x86_64-pc-linux-gnu 


Compiled with: liblua-5.2.3 openssl-1.0.1f libpcre-8.31 libpcap-1.5.3 nmap-libdnet-1.12 ipv6 
Compiled without: 
Available nsock engines: epoll poll select 


19. nmap -sV IP_addr 


If we combine it as “-sV” then we can find the versions of the services running on the host. 


root@vagrant-ubuntu-trusty-64: /home/vagrant# nmap -sV 192.168.2.8 


Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-18 17:17 UTC 
Nmap scan report for server (192.168.2.8) 
Host is up (0.000032s latency). 
Not shown: 997 closed ports 
PORT STATE SERVICE VERSION 
22/tcp open ssh (protocol 2.0) 
80/tcp open http Apache httpd 2.4.7 ((Ubuntu)) 
111/tcp open rpcbind 2-4 (RPC #100000) 
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : 
SF-Port22-TCP:V=6.40%I=7%D=2/18%Time=56C5FCC0%P=x86_64-pc-linux-gnu%r(NULL 
SF:,2B,"SSH-2\.0-OpenSSH_6\.6\.1p1\x20Ubuntu-2ubuntu2\.6\r\n"); 


Service detection performed. Please report any incorrect results at http://nmap.org/submit/ 
Nmap done: 1 IP address (1 host up) scanned in 33.21 seconds 


20. Scanning using ping protocols: 


* Ping by host discovery method (when the ICMP protocol is blocked) for the TCP protocol: 


Ex. nmap -PS 192.168.2.2 
nmap -PS80,21,443,22 192.168.1.2 
nmap -PA 192.168.1.1 
nmap -PA80,21,200-512 192.168.2.8 


* ping using IP protocol: 


nmap -PO 192.168.2.2 


* ping using UDP protocol: 


nmap -PU 192.168.2. 


21. scan services using ports : 


* scan for UDP services: 


nmap -sU www.google.com 
nmap -sU 192.168.1.1 


* scan for TCP services: 


nmap -sS 192.168.1.1 (stealthy scan) 
nmap -sT 192.168.1.1 (no stealth scan) 
nmap -sA 192.168.1.1 (ACK scan) 
nmap -sW 192.168.1.1 (window scan) 
nmap -sM 192.168.1.1 (maimon scan) 


* scan for IP services: 


nmap -sO 192.168.2.1 


* scan for firewall check: 


nmap -sN 192.168.1.2 
nmap -sF 192.168.1.5 
nmap -sX 192.168.1. 


22. we can save nmap output to a file using: 


ex - 
nmap 192.168.1.5 > nmap_output.txt 
nmap -oN /home/test/file_name 192.168.1.5 
nmap -oN nmap_output.txt 192.168.1.5 
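

Saved output is most useful when it is compared with what each host is supposed to expose. The script below is an added example, not part of the original book: it reads a report in the normal format that -oN writes and lists every open port that is missing from a baseline. The sample report, the baseline and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a saved nmap report with a baseline of expected services.

# Constructed sample of the normal-format report that `nmap -oN FILE` writes.
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.168.2.5
Host is up (0.00030s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
23/tcp  open  telnet
80/tcp  open  http
111/tcp open  rpcbind

Nmap scan report for server (192.168.2.8)
Host is up (0.000021s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind
EOF
}

# Constructed baseline: one "ip port/proto" pair per line.
baseline() {
cat <<'EOF'
192.168.2.5 22/tcp
192.168.2.5 80/tcp
192.168.2.8 22/tcp
192.168.2.8 80/tcp
192.168.2.8 111/tcp
EOF
}

# open_ports: nmap normal output on stdin -> "ip port/proto service" per open port.
open_ports() {
  awk '
    /^Nmap scan report for / {
      host = $NF                 # last field is the IP, in parentheses if a name precedes it
      gsub(/[()]/, "", host)
      next
    }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print host, $1, $3 }
  '
}

# unexpected_ports SCAN_FILE BASELINE_FILE: open ports that the baseline does not list.
unexpected_ports() {
  open_ports < "$1" | awk -v base="$2" '
    BEGIN {
      while ((getline line < base) > 0) {
        split(line, f, " ")
        allowed[f[1] " " f[2]] = 1
      }
    }
    { key = $1 " " $2; if (!(key in allowed)) print }
  '
}

# Demo run on the constructed data.
scan_file=$(mktemp)
base_file=$(mktemp)
sample_scan > "$scan_file"
baseline > "$base_file"
unexpected_ports "$scan_file" "$base_file"
rm -f "$scan_file" "$base_file"
```

With real data, replace the two sample functions with the file written by -oN and a baseline kept under version control.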


Lab 


Netstat:- 


Prints network connections, routing tables, interface statistics, masquerade connections and 
multicast memberships, that is, information about the Linux networking subsystem. It 
shows which ports are open and which are closed, and it is one of the most useful commands 
for network troubleshooting. It is useful for both network and system administrators. 


Option:- 


1. netstat 


netstat displays a list of open sockets. If you don't specify any address families, then the 
active sockets of all configured address families are listed. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat | more 
Active Internet connections (w/o servers) 
Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 vagrant-ubuntu-trus:ssh 10.0.2.2:56289 ESTABLISHED 
Active UNIX domain sockets (w/o servers) 
Proto RefCnt Flags Type State I-Node Path 
i [ ] DGRAM 8752 /dev/log 
STREAM CONNECTED 8678 
STREAM CONNECTED 11899 
DGRAM 16633 
STREAM CONNECTED 7686 
DGRAM 9097 
DGRAM 7230 
STREAM CONNECTED 7177 @/com/ubuntu/upstart 
DGRAM 11814 
STREAM CONNECTED 8661 
STREAM CONNECTED 9308 /var/run/dbus/system_bus_ socket 
STREAM CONNECTED 8779 
STREAM CONNECTED 7161 
STREAM CONNECTED 8263 
STREAM CONNECTED 11950 
STREAM CONNECTED 8715 
STREAM CONNECTED 8660 
STREAM CONNECTED 11906 




The real output looks like this but is much longer, so pipe it to more so that you can go 
through the whole list. 


2. netstat -t 


It shows the list of programs that already have an established TCP connection, but not those 
that are waiting for a TCP connection. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -t 
Active Internet connections (w/o servers) 


Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 vagrant-ubuntu-trus:ssh 10.0.2.2:56289 ESTABLISHED 


3. netstat -a 


It shows both listening and non-listening sockets. 


4. netstat -at 


It lists all the programs that are listening on, or have established, TCP connections only. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -at 
Active Internet connections (servers and established) 
Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 *:sunrpc *:* LISTEN 
tcp 0 0 *:59829 *:* LISTEN 
tcp 0 0 *:ssh *:* LISTEN 
tcp 0 0 localhost:mysql *:* LISTEN 
tcp 0 0 vagrant-ubuntu-trus:ssh 10.0.2.2:56289 ESTABLISHED 
tcp6 0 0 [::]:sunrpc [::]:* LISTEN 
: LISTEN 
LISTEN 
LISTEN 


5. netstat -u 


It lists all the programs that have an established UDP connection only, not the listening 
ones. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -u 


Active Internet connections (w/o servers) 
Proto Recv-Q Send-Q Local Address Foreign Address 


Right now I don’t have any established UDP connection on my machine. 


6. netstat -au 


It lists all the programs that are listening on, or have established, UDP connections only. 

root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -u 

Active Internet connections (w/o servers) 

Proto Recv-Q Send-Q Local Address Foreign Address 

root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -au 

Active Internet connections (servers and established) 

Proto Recv-Q Send-Q Local Address Foreign Address 
*:sunrpc P 


* 235444 


=O 7 
*-26297 
localhost:812 
*-bootpc 
[::]:sunrpc 
udp6 4° 677 
udp6 9 [::]:19397 
udp6 fs 2 SIDA 


7. netstat -l 


It shows only listening sockets (these are omitted by default). 


8. netstat -s 


Display summary statistics for each protocol. The default protocol list is TCP, UDP, ICMP & IP. 


9. netstat -r 


Display the kernel IP routing table. 

root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -r 

Kernel IP routing table 

Destination Gateway Genmask Flags MSS Window irtt Iface 
default 10.0.2.2 0.0.0.0 UG 0 0 0 eth0 
10.0.2.0 * 255.255.255.0 U 0 0 0 eth0 
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1 


10. netstat -i 


Display the kernel interface table. It shows network interface packet usage with MTU size. 


root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -i 
Kernel Interface table 
MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg 


15008 @ 338628 Q In 4) 406930 2) Q 2) 
1500 @ 5600 Q an) 3801 4 @ 4) 
65536 @ 6639 4) 8 0 6639 2) Q 


11. netstat -c 


It prints the netstat information continuously. If we mention a number along with it, it prints 
again after that much time. 


12. netstat -p 


It shows the list of services, with their PID numbers, that use network sockets. 


13. netstat -pa | grep ssh 


It displays which programs are listening on the specified port. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -pa | grep ssh 
tcp 0 0 *:ssh *:* LISTEN 1519/sshd 
tcp 0 0 vagrant-ubuntu-trus:ssh 10.0.2.2:56289 ESTABLISHED 1831/sshd: vagrant 
tcp6 0 0 [::]:ssh [::]:* LISTEN 1519/sshd 
unix STREAM CONNECTED 11899 1831/sshd: vagrant 
unix DGRAM 11814 1831/sshd: vagrant 
unix 3 STREAM CONNECTED 11966 1831/sshd: vagrant 


14. netstat -g 


It displays the multicast group membership information for IPv4/IPv6. 


root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -g 
IPv6/IPv4 Group Memberships 
Interface RefCnt Group 


all-systems.mcast. 
all-systems.mcast. 
all-systems.mcast. 
ip6-allnodes 
ff01::1 
ff02::1:fffd 
ip6-allnodes 
ff01::1 
ff02::1:ffb2 
ff02::202 
ip6-allnodes 
ff01::1 


15. netstat -F 


Print routing information from the FIB. (This is the default.) 


16. netstat -n 


Show numerical addresses instead of trying to determine symbolic host, port or user names. 


17. netstat -M 


Display a list of masqueraded connections. 


18. netstat -V 


Shows the current version of netstat on the system. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# netstat -V 

net-tools 1.60 

netstat 1.42 (2001-04-15) 

Fred Baumgarten, Alan Cox, Bernd Eckenfels, Phil Blundell, Tuan Hoang and others 


+NEW_ADDRT +RTF_IRTT +RTF_REJECT +FW_MASQUERADE +I18N 
AF: (inet) +UNIX +INET +INET6 +IPX +AX25 +NETROM +X25 +ATALK +ECONET +ROSE 
HW: +ETHER +ARC +SLIP +PPP +TUNNEL -TR +AX25 +NETROM +X25 +FR +ROSE +ASH +SIT +FDDI +HIPPI +HDLC/LAPB +EUI64 
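

The -t, -u, -l, -n and -p options described above combine into one exposure check: which listening sockets are reachable from other machines, and which program owns each. The script below is an added example, not part of the original book; the sample `netstat -tulnp` output and the function names are constructed, and it relies on UDP rows having an empty State column.

```shell
#!/bin/sh
# Added example: list listeners bound to non-loopback addresses.

# Constructed sample of `netstat -tulnp` output (run as root so PIDs are shown).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      612/rpcbind
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1519/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1102/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1340/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      980/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           702/dhclient
udp        0      0 127.0.0.1:812           0.0.0.0:*                           612/rpcbind
EOF
}

# exposed_listeners: netstat -tulnp output on stdin ->
# "proto address port pid/program" for every listener not bound to loopback.
exposed_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      if ($1 ~ /^tcp/) {
        if ($6 != "LISTEN") next          # ignore established TCP connections
        prog = $7
      } else {
        if ($6 == "ESTABLISHED") next     # connected UDP socket, not a listener
        prog = $6                         # UDP rows have no State column
      }
      # The port follows the LAST colon, so IPv6 forms such as ":::80" work too.
      n = split($4, part, ":")
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "::1" || addr ~ /^127\./) next   # loopback only: not exposed
      print $1, addr, port, prog
    }
  '
}

# Demo run on the constructed data.
sample_netstat | exposed_listeners
```

On a live host the same function can be fed with `netstat -tulnp | exposed_listeners`.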


Lab 


Traceroute:- 


Prints the route that packets take to a network host. 


It shows how many routers lie between the source and the destination, which makes it an 
important command for understanding network flow. It traces a maximum of 30 hops. That 
does not mean there are only 30 routers or intermediate routers; it is an estimate and 
takes only the main ISP and forwarded information. 


Usage:- 


traceroute [-46dFITUnreAV] [-f first_ttl] [-g gate,...] 
[-i device] [-m max_ttl] [-p port] [-s src_addr] 
[-q nqueries] [-N squeries] [-t tos] 
[-l flow_label] [-w waittime] [-z sendwait] [-UL] [-D] 
[-P proto] [--sport=port] [-M method] [-O mod_options] 
[--mtu] [--back] 
host [packet_len] 

traceroute6 [options] 

tcptraceroute [options] 

lft [options] 


Options:- 


1. traceroute domain_name/IP_addr 


ex. traceroute www.google.com 


It gives the route information to reach the destination address. It provides route information 
only within the limit of 30 hops. If we get asterisks (*), it is because some ICMP packets were 
blocked by a firewall or not answered in time (here it is because I use VirtualBox). 


root@vagrant-ubuntu-trusty-64: /home/vagrant# traceroute www.google.com 
traceroute to www.google.com (216.58.197.36), 30 hops max, 60 byte packets 
1 10.0.2.2 (10.0.2.2) 0.167 ms 0.081 ms 0.140 ms 

* * * 



C:\Users\abhijit>tracert www.google.com 


Tracing route to www.google.com [216.58.197.36] 
over a maximum of 30 hops: 


16 ms 16 192.168.45.1 

* Request timed out. 
262 .88.156.1 
262 .88.156.66 
262 .88.156.61 
262 .88.156.54 
262.88 .156.53 
263.266.2805 .37.ill-bgl.static.vsnl.net.in [263.266.265.371] 
172 .17.169 .262 
Request timed out. 
115.114.85.241 
if -3-3.tcore2.CXR-Chennai.as6453.net [186.87.36.6] 
if-6-2.tcore2 .SUW-Singapore.as6453.net [188.87.37.14] 
if —-29-2 .tcorel1 .SUQ-Singapore .as6453.net ([186.87.96.211 
72 .14.223 .261 
269 .85.243.156 
209 .85.241 .134 
216.239 .48.76 
209 .85.256.65 
Request timed out. 
maa03s20-in-f4.1e100.net [216.58.197.36] 


Trace complete. 


2. traceroute --mtu domain_name/IP_addr 


ex. traceroute --mtu www.google.com 


It gives the MTU (maximum transmission unit) for each hop, in the form F=number, if firewall 
settings are not blocking it. 


3. traceroute -V 


It tells the version of traceroute used on your local machine. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# traceroute -V 
Modern traceroute for Linux, version 2.0.20, Aug 19 2014 


Copyright (c) 2008 Dmitry Butskoy, License: GPL v2 or any later 


4. traceroute -m count domain_name/IP_addr 


ex. traceroute -m 3 www.google.com 


We know the maximum hop count is 30; we can limit it with the -m option followed by a 
count, so that it shows only that number of hops. It counts incrementally from the start. 


As shown below, it looks only up to the first 3 hosts (it is a virtual machine, so it is unable 
to determine the path). 

root@vagrant-ubuntu-trusty-64: /home/vagrant# traceroute -m 3 www.google.com 
traceroute to www.google.com (216.58.196.196), 3 hops max, 60 byte packets 
1 10.0.2.2 (10.0.2.2) 0.165 ms 0.210 ms 0.126 ms 
2 * * * 
3 * * * 


C:\Users\abhijit>tracert -h 3 www.google.com 


Tracing route to www.google.com [216.58.196.196] 
over a maximum of 3 hops: 


m 192.168.9.1 
m 192 .168.6.1 
Request timed out. 


Trace complete. 


5. traceroute -n domain_name/IP_addr 


ex. traceroute -n www.google.com 


With the -n option it omits the FQDN and shows only IP addresses; the output is in numerical 
form only. 


On a Windows machine I used the "-d" option; as shown below, it shows just the IP address, 
no FQDN. 


C:\Users\abhijit>tracert -d www.google.com 


Tracing route to www.google.com [173.194.126.147] 
over a maximum of 30 hops: 


ms s s 192.168.9.1 
ms $ s 192.168.6.1 
Request timed out. 
s s 122.166.33.17 
35 ms 122.175.255.29 
43 ms 182.79.255.185 
* 182.79.208.34 
43 s s 182.79.217.176 
* Request timed out. 
43 ms s s 72.14.242.178 
44 72.14.233.204 
7? 72.14.238.178 
78 ms 64.233.175.86 
Er 72.14.235.171 
8? s s 173.194.126.147 


6. traceroute -4 /-6 domain_name 


ex. traceroute -4 www.google.com 
traceroute -6 www.google.com 


Explicitly forces the IPv4 or IPv6 addressing scheme for tracerouting. By default it 
chooses the protocol automatically and resolves the name. 


7. traceroute -I domain_name/IP_addr 


ex. traceroute -I www.google.com 


It forces to choose ICMP_ECHO method for tracerouting. 


8. traceroute -T domain_name/IP_addr 


ex. traceroute -T www.google.com 


It forces to choose TCP_SYN method for tracerouting. 


9. traceroute -q domain_name/IP_addr 


ex. traceroute -q www.google.com 


option '-q' allows to change number of retries (default is 3). 


10. traceroute domain_name/IP_addr packet_len 


ex. traceroute www.google.com 80 


It is used to modify the original packet length. 


The length of the traceroute packet here is 60 bytes, as you can see below: 


root@vagrant-ubuntu-trusty-64: /home/vagrant# traceroute www.google.com 
traceroute to www.google.com (74.125.200.103), 30 hops max, 60 byte packets 
1 10.0.2.2 (10.0.2.2) 0.322 ms 0.252 ms 0.236 ms 


Modified length of packet: 
root@vagrant-ubuntu-trusty-64: /home/vagrant# traceroute www.google.com 80 
traceroute to www.google.com (216.58.196.68), 30 hops max, 80 byte packets 
1 10.0.2.2 (10.0.2.2) 0.078 ms 0.076 ms 0.056 ms 


2 RS 


11. traceroute -F domain_name/IP_addr 


ex. traceroute -F www.google.com 


It means do not fragment or split the original probe packets. 


12. traceroute -f [first_ttl] domain_name/IP_addr 


ex. traceroute -f 4 www.google.com 


It specifies the TTL from which to start tracing; by default it starts from 1. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# traceroute -f 4 www.google.com 

traceroute to www.google.com (216.58.196.196), 30 hops max, 60 byte packets 
4 * * * 
* * * 
* * * 
* * * 


13. traceroute -g [gateway] domain_name/IP_addr 


Tells traceroute to add an IP source routing option to the outgoing packet that tells the 
network to route the packet through the specified gateway (most routers have disabled 
source routing for security reasons). 


14. traceroute -i [interface] domain_name/IP_addr 


We can specify the interface from which traceroute should send packets. By default it is 
selected according to the routing table. 


15. traceroute [-N squeries] domain_name/IP_addr 


With this we can specify the maximum number of probe packets sent simultaneously. The 
maximum value is 16. If we increase it there is a chance of packets getting lost; on the other 
hand, it speeds up the response. 


16. traceroute [-s source_addr] domain_name/IP_addr 


With this we can choose an alternative source address from the interfaces; by default the 
address of the outgoing interface is used. 


17. traceroute [-p port] domain_name/IP_addr 


Used for UDP port 


18. traceroute [-w timeout_time] domain_addr/IP_addr 


It is used to set the time to wait for a response to each probe. By default it is 3 sec. 


Lab 


Tcptraceroute:- 


tcptraceroute is a traceroute implementation using TCP packets. The normal traceroute 
command uses ICMP or UDP ECHO packets with a TTL. Nowadays, however, most machines 
have a firewall configured that blocks the ICMP and UDP protocols, so it is not possible to 
trace the path to the destination. Firewalls do, however, allow inbound TCP packets, so with 
the tcptraceroute utility it is possible to trace the destination path. 


It is worth noting that tcptraceroute never completely establishes a TCP connection with the 
destination host. If the host is not listening for incoming connections, it will respond with an 
RST indicating that the port is closed. If the host instead responds with a SYN|ACK, the port 
is known to be open, and an RST is sent by the kernel tcptraceroute is running on to tear 
down the connection without completing three-way handshake. This is the same half-open 
scanning technique. 
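

Whether a run of asterisks matters depends on where it sits in the trace: silent hops followed by later replies are routers that simply do not answer probes, while a trace that ends in silent hops never reached the destination with that probe type, which is the case where -I, -T or tcptraceroute is worth trying. The script below is an added example, not part of the original book, that makes this distinction from traceroute output; both sample traces and the function names are constructed.

```shell
#!/bin/sh
# Added example: decide whether a traceroute reached its destination.

# Constructed trace: silent hops in the middle, destination answers.
sample_trace_reached() {
cat <<'EOF'
traceroute to www.example.com (203.0.113.10), 30 hops max, 60 byte packets
 1  10.0.2.2 (10.0.2.2)  0.167 ms  0.081 ms  0.140 ms
 2  192.0.2.1 (192.0.2.1)  1.912 ms * 2.105 ms
 3  * * *
 4  198.51.100.7 (198.51.100.7)  12.301 ms  12.877 ms  12.410 ms
 5  * * *
 6  www.example.com (203.0.113.10)  20.100 ms  19.800 ms  20.400 ms
EOF
}

# Constructed trace: probes are dropped after the first hop, as in the VM runs above.
sample_trace_filtered() {
cat <<'EOF'
traceroute to www.example.com (203.0.113.10), 5 hops max, 60 byte packets
 1  10.0.2.2 (10.0.2.2)  0.165 ms  0.210 ms  0.126 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
EOF
}

# trace_verdict: traceroute output on stdin -> one summary line.
trace_verdict() {
  awk '
    /^traceroute to / {
      dest = $4                       # "(203.0.113.10)," -> 203.0.113.10
      gsub(/[(),]/, "", dest)
      next
    }
    $1 ~ /^[0-9]+$/ {
      hop = $1 + 0
      answered = 0
      for (i = 2; i <= NF; i++) {
        tok = $i
        gsub(/[()]/, "", tok)
        if (tok == dest && !reached) reached = hop
        if ($i == "ms") answered = 1  # at least one probe came back
      }
      if (answered) {
        last_reply = hop
        silent_mid += pending         # earlier silent hops were mid-path
        pending = 0
      } else {
        pending++                     # silent so far: mid-path or trailing
      }
    }
    END {
      if (reached)
        printf "reached hop=%d silent_intermediate=%d\n", reached, silent_mid
      else
        printf "not_reached last_reply_hop=%d trailing_silent=%d\n", last_reply, pending
    }
  '
}

# Demo run on the constructed data.
sample_trace_reached | trace_verdict
sample_trace_filtered | trace_verdict
```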


Usage:- 


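tcptraceroute [-nNFSAE] [-i <interface>] [-f <first ttl>] [-l <packet length>] [-q <number of queries>] [-t <tos>] [-m <max ttl>] [-pP] <source port>] [-s <source address>] [-w <wait time>] <host> [destination port] [packet length] 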


Options:- 


1. tcptraceroute IP_addr/domain_server 


ex. tcptraceroute www.google.com 


It gives the route information to reach destination address using TCP packets. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# tcptraceroute www.google.com 
Selected device eth0, address 10.0.2.15, port 51467 for outgoing packets 
Tracing the path to www.google.com (216.58.203.100) on TCP port 80 (http), 30 hops max 
1 10.0.2.2 1.138 ms 0.521 ms 0.502 ms 
2 kul01s08-in-f4.1e100.net (216.58.203.100) [open] 84.647 ms 117.388 ms 80.208 ms 


2. tcptraceroute -n IP_addr/domain_name 


ex. tcptraceroute -n www.google.com 


It gives the information in numerical form; it does not display the FQDN associated with 
hosts. 


root@vagrant-ubuntu-trusty-64: /home/vagrant# tcptraceroute -n www.google.com 
Selected device eth0, address 10.0.2.15, port 34861 for outgoing packets 
Tracing the path to www.google.com (216.58.196.196) on TCP port 80 (http), 30 hops max 
1 10.0.2.2 0.181 ms 0.495 ms 0.493 ms 
2 216.58.196.196 [open] 83.112 ms 82.200 ms 82.959 ms 


3. tcptraceroute -f [first_ttl] domain_name/IP_addr 


ex. tcptraceroute -f 4 www.google.com 


It specifies the TTL from which to start tracing; by default it starts from 1. 


4. tcptraceroute -s [source_addr] domain_name/IP_addr 


ex. tcptraceroute -s 192.168.2.5 www.google.com 


We can set the source address from which packets are sent to the destination when tracing 
the route. 


5. tcptraceroute -m count domain_name/IP_addr 


ex. tcptraceroute -m 3 www.google.com 


We know the maximum hop count is 30; we can limit it with the -m option followed by a 
count, so that it shows only that number of hops. It counts incrementally from the start. 


6. tcptraceroute -i [interface] domain_name/IP_addr 


We can specify the interface from which tcptraceroute should send packets. By default it is 
selected according to the routing table. 


7. tcptraceroute [-w timeout_time] domain_addr/IP_addr 


It is used to set the time to wait for a response to each probe. By default it is 3 sec. 


8. tcptraceroute -F domain_name/IP_addr 


ex. tcptraceroute -F www.google.com 


It means do not fragment or split the original probe packets. 


9. tcptraceroute domain_name/IP_addr 


ex. tcptraceroute www.google.com 110 


Set the total packet length to be used in outgoing packets. If the length is greater than the 
minimum size required to assemble the necessary probe packet headers, this value is 
automatically increased. 


10. tcptraceroute -S domain_name/IP_addr 


Set the TCP SYN flag in outgoing packets. This is the default, if neither -S or -A is specified. 


11. tcptraceroute -A domain_name/IP_addr 


Set the TCP ACK flag in outgoing packets. By doing so, it is possible to trace through 
stateless firewalls which permit outgoing TCP connections. 


12. tcptraceroute -E domain_name/IP_addr 


Send ECN SYN packets, as described in RFC2481. 


Lab 


Whois:- 


Client for the whois directory service. It provides the owner and technical contact of virtually 
any public domain name. whois is a protocol used for searching a server for a specified 
object. whois searches for an object in a RFC 3912 database. If no guess can be made, it 
connects to whois.networksolutions.com for NIC handles or to whois.arin.net for IPv4 
addresses and network names. 


Usage:- 


whois [OPTION]... OBJECT... [-h host] [-p port] [-alLMmcxbBGdkrR] [-i ATTR] [-T type] 


Options:- 


1. whois domain_name/IP_addr 


ex. whois ubuntu.com 


It gives the registered domain information: owner and technical contacts. 
vomain : ://Www.icann.org/epp#clientveleterr 
Registry Registrant ID: 
Registrant Name: James Troup 
Registrant Organization: Canonical, Ltd. 
Registrant Street: One Circular Road, 
Registrant City: Douglas 
Registrant State/Province: Isle of Man 
Registrant Postal Code: IM1 1AF 
Registrant Country: GB 
Registrant Phone: +44.2076302499 
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: hostmaster@canonical.com 
Registry Admin ID: 
Admin Name: James Troup 
Admin Organization: Canonical, Ltd. 
Admin Street: One Circular Road, 
Admin City: Douglas 
Admin State/Province: Isle of Man 
Admin Postal Code: IM1 1AF 
Admin Country: GB 
Admin Phone: +44.2076302499 
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: hostmaster@canonical.com 
Registry Tech ID: 
Tech Name: James Troup 
Tech Organization: Canonical, Ltd. 
Tech Street: One Circular Road, 
Tech City: Douglas 
Tech State/Province: Isle of Man 
Tech Postal Code: IM1 1AF 


2. whois --version 


Gives version information. 
root@vagrant-ubuntu-trusty-64: /home/vagrant# whois --version 
Version 5.1.1. 


Report bugs to <md+whois@linux.it>. 


3. whois [-p port] domain_name 


This option makes whois use the port given in the command. By default it uses port 43. 


4. whois -v domain_name 


Verbose display. It shows in detail what is being done. 


5. whois -H domain_name 


It is used to hide legal disclaimers. 


6. whois --help 


Used for online help. 